package com.example.order.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.authserver.AuthorizationServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

import java.security.KeyPair;

/**
 * 资源服务配置
 *
 * @author: YoCiyy
 * @date: 2020/6/19
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private OAuth2ClientProperties oAuth2ClientProperties;

    /*@Autowired
    private AuthorizationServerProperties authorizationServerProperties;*/

    /**
     * 自定义用户认证信息转换器
     */
    @Bean
    public CustomUserAuthenticationConverter customUserAuthenticationConverter() {
        return new CustomUserAuthenticationConverter();
    }

    @Bean
    public CustomJwtAccessTokenConverterConfigurer customJwtAccessTokenConverterConfigurer() {
        return new CustomJwtAccessTokenConverterConfigurer(customUserAuthenticationConverter());
    }

    /**
     * token服务配置
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.tokenServices(tokenServices());
    }

    /**
     * 路由安全认证配置
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // 配置api打头的路由需要安全认证，order无配置无需认证
                .antMatchers("/api/**").authenticated()
                .and().csrf().disable();
    }

    /**
     * jwt token 校验解析器
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }



    @Autowired
    private DefaultAccessTokenConverter defaultAccessTokenConverter;

    /**
     * Token转换器必须与认证服务一致
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter accessTokenConverter = new JwtAccessTokenConverter();
        accessTokenConverter.setSigningKey("YoCiyy");

        /*JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        AuthorizationServerProperties.Jwt jwtProperties = authorizationServerProperties.getJwt();
        // 导入证书
        KeyPair keyPair = new KeyStoreKeyFactory(new ClassPathResource(jwtProperties.getKeyStore()),
                jwtProperties.getKeyPassword().toCharArray()).getKeyPair(jwtProperties.getKeyAlias());
        converter.setKeyPair(keyPair);*/
        //accessTokenConverter.setAccessTokenConverter(defaultAccessTokenConverter);
        return accessTokenConverter;
    }

    /**
     * 资源服务令牌解析服务
     */
    @Bean
    @Primary
    public ResourceServerTokenServices tokenServices() {
        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
        remoteTokenServices.setCheckTokenEndpointUrl("http://localhost:9528/oauth/check_token");
        //remoteTokenServices.setCheckTokenEndpointUrl("http://uaa-service/oauth/check_token");
        remoteTokenServices.setClientId(oAuth2ClientProperties.getClientId());
        remoteTokenServices.setClientSecret(oAuth2ClientProperties.getClientSecret());
        return remoteTokenServices;
    }
}

